Windows Server

GPUpdate Switches: GPUpdate vs GPUpdate force

Group Policy is a feature of Windows that facilitates a wide variety of advanced settings that network administrators can use to control the working environment of users and computer accounts in Active Directory. When a Group Policy is created using either the Group Policy Management Editor or via The Local Group Policy editor, these policies aren’t immediately applied to the user and computer objects Active Directory or your local computer. By default, these updates are applied every 90 minutes. To us, this is like forever, and we want these policies to be applied immediately. In this case, the GPUpdate command can be used to achieve this. You may want to see the following articles as well. Why use RSAT? How to Install RSAT on Windows 10Remote Server Administration Tools: To install RSAT on Windows Server, and what is Group Policy Object and how can it be launched in Windows.

In this article, I will be focusing and clearing the misconception between gpupdate vs gpupdate /force. Here is a brief explanation of the difference between the two.

Gpupdate: Here the gpupdate reads the Group Policy store and versions of the GPOs and applies GPOs only if something has changed.
– In other words, it applies any policies that is new or changed user and computer policy settings are applied.
Gpupdate /force: Here all group policies are downloaded and applied.
– In other words, it reapplies every policy, both new and old. With the  /Force switch, this is only vital  if there are local admins, then you might have to call this up to make sure that everything is as predetermined

Simply running gpupdate is sufficient most of the time. Running gpupdate /force against several targets (devices) can have tremendous effects; these devices will end up re-evaluating the GPO applied to them. In this way, if there are settings configured wrongly by some other administrators, these settings will be applied. Here is the syntax of how the tool is used.

Gpupdate [/Target:{Computer | User}] [/Force] [/Wait:<value>] [/Logoff] [/Boot] [/Sync]

Via Command Prompt: For other switches as displayed on the image above, here are some descriptions

gpupdate /force
  • /LogOff: Here, certain GPOS, such as Folder Redirection, can’t apply in the background. If a logoff is required, this switch will initiate it.
  • /Boot: If a policy, such as software installation, needs to be applied – the boot command will reboot the machine.
  • /Sync: Useful for changing the foreground (startup/logon) processing to sync.

Via PowerShell: You can also use PowerShell cmdlets to target remote devices in order to apply GPUpdate.

Example 1:
Invoke-GPUpdate -Computer COMPUTERNAME –Force
Example 2.
$Computers  = Get-AdComputer -SearchBase "OU=testuser, DC=TechDirectArchive,DC=local" -Filter *
Foreach ($Computer in $Computers) {invoke-gpupdate -Computer $Computers.Name} 

Via Group Policy Management Console: Lastly, Microsoft also has a feature built into Group Policy Management Console that enables you to run GPUpdate against an OU.

  • On the desired “OU”
  • Right click and select Group Policy Update and that is all.

If you have found other useful methods, kindly comment below and let me know via the comment session.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Kindly subscribe to TechDirectArchive
This is default text for notification bar